On Tue, 5 Sep 2000, David Honig wrote:
> The more hard-core distribute keys to previously known
> parties on physical media, only.
>
I have long felt that PGP missed a trick when it didn't have
automatic expiry for keys -- it should be possible to build
into each key an expiration date, fixed at the time of its
creation. For shorter keys, it ought to default to expiring
sooner, and not allow expiry more than a year or two out.
For a 2048 bit key, it ought to default to something like 10
years and let you pick a term up to a century.
This would solve one of the biggest problems -- old keys that
should long since have expired but which go right on getting
used.
As for the other big problem -- compromise revocations --
the CAs sure as heck ought to propagate compromise certs the
same way news articles get propagated, and not allow them to
expire until the key they refer to would have expired. There
has to be a way to validate a compromise cert though - otherwise
someone could kill a key by sending a spurious one to any CA.
Once a CA is sure that a compromise cert is valid (by whatever
protocol you've worked out with your initial CA, which may
include you showing up in person and signing a piece of paper
saying the key is dead), it ought to digitally sign the damn
thing, and that would begin the propagation process.
I guess I'm more a believer in a "web of CAs" than I am in a
"Web of Trust", at least as it applies to encryption use in
public or in businesses. In a conspiracy, you've got your own
CA, and it doesn't necessarily talk to anyone else's, and that's
the way it should be. Among Friends, you've got your web of
trust, and that's the way it should be.
Ray Dillinger
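The scheme sketched in the post above, worked through as an added example (this is illustrative code written for this page, not Ray Dillinger's and not PGP's): a term policy that fixes a key's expiry at creation and caps it by key size, and a compromise cert that the originating CA signs once it has validated the claim, that relaying CAs verify against a trusted CA key before accepting, and that lapses once the key it names would have expired anyway. The 2048-bit cutoff, the one/two/ten/hundred-year figures, Ed25519 as the CA signature algorithm, and the names A, B, Rogue, alice and bob are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

const year = 365 * 24 * time.Hour

// expiryPolicy returns the default and maximum term for a key of the given
// size. The shape follows the post; the exact cutoff and figures are assumed.
func expiryPolicy(bits int) (def, limit time.Duration) {
	if bits < 2048 {
		return 1 * year, 2 * year // short keys: default a year, at most two
	}
	return 10 * year, 100 * year // 2048-bit and up: default ten, at most a century
}

// TermFor returns the term a key actually gets: the default when the owner
// asks for nothing, otherwise the request clamped to the policy's cap.
func TermFor(bits int, requested time.Duration) time.Duration {
	def, limit := expiryPolicy(bits)
	switch {
	case requested <= 0:
		return def
	case requested > limit:
		return limit
	default:
		return requested
	}
}

// KeyRecord carries the expiry that is fixed at creation and never extended.
type KeyRecord struct {
	ID      string
	Bits    int
	Created time.Time
	Expires time.Time
}

func NewKeyRecord(id string, bits int, created time.Time, requested time.Duration) KeyRecord {
	return KeyRecord{ID: id, Bits: bits, Created: created, Expires: created.Add(TermFor(bits, requested))}
}

// CompromiseCert asserts that KeyID is dead. Signer names the CA that validated
// the claim; CASig is that CA's signature over payload(), which binds the signer,
// the key and the key's own expiry so an altered or unsigned cert cannot kill a key.
type CompromiseCert struct {
	Signer     string
	KeyID      string
	KeyExpires time.Time
	CASig      []byte
}

func (c CompromiseCert) payload() []byte {
	return []byte("compromise:" + c.Signer + ":" + c.KeyID + ":" + c.KeyExpires.UTC().Format(time.RFC3339))
}

// CA holds its own signing key, the keys of CAs whose certs it will relay,
// and the compromise certs it currently holds.
type CA struct {
	Name    string
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	peers   map[string]ed25519.PublicKey
	revoked map[string]CompromiseCert
}

func NewCA(name string) *CA {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &CA{Name: name, pub: pub, priv: priv, peers: map[string]ed25519.PublicKey{}, revoked: map[string]CompromiseCert{}}
}

// Trust registers another CA as one whose signed compromise certs are accepted.
func (ca *CA) Trust(other *CA) { ca.peers[other.Name] = other.pub }

// Sign is what the originating CA does once the owner has satisfied it, by
// whatever out-of-band protocol, that the key is compromised.
func (ca *CA) Sign(key KeyRecord) CompromiseCert {
	c := CompromiseCert{Signer: ca.Name, KeyID: key.ID, KeyExpires: key.Expires}
	c.CASig = ed25519.Sign(ca.priv, c.payload())
	ca.revoked[key.ID] = c
	return c
}

// Accept is the relay's check: a trusted signer, a signature that verifies,
// and a key that has not already expired on its own.
func (ca *CA) Accept(c CompromiseCert, now time.Time) error {
	pub, ok := ca.peers[c.Signer]
	if !ok {
		return errors.New("compromise cert from a CA this CA does not trust")
	}
	if !ed25519.Verify(pub, c.payload(), c.CASig) {
		return errors.New("CA signature does not verify: spurious compromise cert")
	}
	if !now.Before(c.KeyExpires) {
		return errors.New("named key has already expired; nothing to propagate")
	}
	ca.revoked[c.KeyID] = c
	return nil
}

// IsRevoked is the relying party's check; a cert is kept exactly until the
// key it names would have expired anyway.
func (ca *CA) IsRevoked(keyID string, now time.Time) bool {
	c, ok := ca.revoked[keyID]
	if !ok {
		return false
	}
	if !now.Before(c.KeyExpires) {
		delete(ca.revoked, keyID) // key is dead by expiry; the cert is no longer needed
		return false
	}
	return true
}

func main() {
	now := time.Date(2000, time.September, 5, 0, 0, 0, 0, time.UTC)
	alice := NewKeyRecord("alice", 1024, now, 5*year) // asks for five years, gets two
	bob := NewKeyRecord("bob", 2048, now, 0)          // gets the ten-year default
	fmt.Println("expiry years:", alice.Expires.Year(), bob.Expires.Year())
	a, b := NewCA("A"), NewCA("B")
	b.Trust(a)
	cert := a.Sign(bob)
	fmt.Println("relay accepts signed cert:", b.Accept(cert, now))
	cert.KeyID = "alice" // tamper with the cert in transit
	fmt.Println("relay accepts altered cert:", b.Accept(cert, now))
	fmt.Println("bob revoked now:", b.IsRevoked("bob", now), "in 11 years:", b.IsRevoked("bob", now.Add(11*year)))
}
```

The relay never takes a cert on the strength of the key owner's word: only a signature from a CA already in its peer list gets a cert into the revoked set, which is the validation step the post says must exist before propagation can begin.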